Greetings Troublemakers... welcome to Trouble. My name is not important. At 10:30pm on October 29th, 1969, Charlie Kline, a student programer at UCLA, successfully sent the first digital message from one computer terminal to another via the DARPANET, a top-secret research project run by the US Department of Defense. The transmission of this single word, 'login' was a pivotal moment in human history, as it represents the official birth of the Internet. And it was from here that the first message was sent. A revolution began! In the nearly fifty years that have followed, this invention has thoroughly transformed our world and come to dominate virtually all aspects of our lives. It has restructured and rejuvenated capitalism, by revolutionizing finance and transforming the globe into a single interconnected marketplace. It has provided new methods of interacting with one another and helped shape the ways that we receive and process information. And it has provided a place for people to upload terabytes of videos of their cats. This is pinky... he's a male. He's available for adoption. He's pet of the week. The Internet has also become the central pillar of a new form of social control based around mass data collection and the construction of algorithms aimed at better predicting and manipulating human behavior. But while states and digital capitalists have used the Internet as a platform for mass surveillance and pacification, it has also been a site of subversion and created new possibilities for decentralized attacks on the dominant order. We've got a problem. What? Someone synched a RAT to one of my servers. A remote access tool – we're being hacked! On the front-lines of this war are hackers ... those who use curiosity, programming skills and problem solving to unlock closed systems and bend powerful forces to their will. Over the next thirty minutes, we'll share the voices of a number of these individuals as they share their experiences of defacing web sites, leaking emails, developing tools to thwart digital surveillance ... and making a whole lot of trouble. Hacking is one of those terms that I think has become a little bit nebulous. I would define it as using technology in a way that wasn't intended, by finding bugs and oversights in designs to make it produce results that were never supposed to happen. Creative subversion of technical systems. You take software and you modify it to get another result. For example, accessing information on a system that you shouldn't be able to access. Or making the system do something that it shouldn't be able to do – or that you shouldn't be able to make it do. There's a lot of different definitions of hacking, depending on who you ask. US criminal law defines computer hacking as unauthorized access to obtain information, transmitting destructive code, etc. I mean, they've basically expanded the definition in their ongoing efforts to criminalize everyday Internet activity. If you ask someone like Richard Stallman, he'll tell you that it's really just a creative solution to a problem. But hackers also do like to break into systems. There are all kinds of systems, and there's all kinds of access ... and all kinds of ways to gain access. Some hackers choose to fix and protect these systems. They work for the government, Microsoft etc. They call themselves White Hats. They're not even really hackers. They're seen in the hacking scene as sellouts. They do it for the paycheck... or maybe because of the flag. But there are those, of course, who don't don't it for employment. They don't do it for a paycheck, they do it for the love of solving complex puzzles. For the thrill of breaking into whatever artificial borders that these people decide to erect. Everything that's built can be broken. I don't think hacking has changed all that much in the last few years. What really has changed is the scope of things that can be affected by hacking. Before, in the 90's, most of it was just practical jokes because none of it had a lot of impact on real life. And in popular culture, you start to have hackers appear in movies, in television series, where there's this whole figure of these hackers that have these super powers. That can invade computer systems in any way, shape or form. There's a new virus in the database. What's happening? It's replicating... eating up memory.... uhh, what do I do? Type 'cookie' you idiot! Then it gets a lot more popularized. Since the dot-com boom at the end of the 90's, things now have a huge impact. And everything tends to be connected to the Internet, or some sort of network. As digital information networks have evolved, a lot of personal information is being stored. Y'know, big data corporations and industries are relying on computers ... so hackers have access to this kind of information that these big companies have as well. Hacking can be very simple and very complex. But most times hacking is very simple. By supplying input in a certain way, you're able to make the back-end system believe that what you're supplying is actually part of its own code. Which, in a lot of cases, can give you full access to that system. That's not just limited to computers or telecommunication systems. We can really kind of apply this idea to all kinds of technical systems. So, for example, something like social engineering is a human form of hacking. Y'know, you can pretend to be somebody that you're not and ask another person questions about themselves in order to get them to reveal private information. It's possible that there is software in theory that doesn't have vulnerabilities. But in practice, that's impossible to have. If an application or a system performs queries to a database based on your input, you could possibly alter your input to be able to then alter the database query, and possibly gain access to information that you shouldn't be able to. Mostly what an exploit does, it's a small tool that you run to get access to a special sector of the software you want to get. A lot of exploits and vulnerabilities are discussed publicly and being used in the wild. If you pay attention to lists like Full Disclosure or Security Focus, they'll tell you some of the latest tricks that are being used. Of course, those are the ones that are already publicly known, and that the vendors have already released patches for ... but a lot of companies don't always patch. They're not as on-top of it as they'd like to think that they are. For example, the Equifax hacks a couple of weeks ago was running outdated versions of Apache software. Most people don't really do updates regularly. So most people will actually get hacked by something very simple. Denial of service attacks ... basically coming up with ways to create an enormous amount of traffic to your server, to the point where it can't continue to provide those services. There's such a thing as Distributed Denial of Service attacks, where that traffic is coming from many places at the same time. The most serious techniques are what they call 'undisclosed vulnerabilities', what they call a 'zero day.' When someone discovers a vulnerability, and instead of reporting it – which is the White Hat way – they continue using it privately. And they don't report it publicly, so that way for anyone to really adequately protect themselves against it. I think a useful way to think about this is that the Internet is a really hostile place. It was never designed with privacy or security in mind. State actors and corporations control the entire thing. And so when you talk about their ability to exploit it ... I mean, to me, so many of the basic services that we use on the Internet are exploitative without thinking about a hacker getting into it, or malware or something like that. State actors like the US government have the ability to observe all Internet traffic in real time, collect it and store it, and then use it later at their discretion. And they work very closely with the digital capitalists – facebook, google and all these other entities – who are already storing that information anyway. The Internet has long been a tool used by social movements of various political stripes, both as a means of disseminating information and a fertile ground for recruitment. Back in the 1990's, the anti-globalization movement arose alongside the open-media publishing platform, Indymedia, which allowed for the virtual coordination of many localized fronts in the global fight against neoliberal capitalism. I need 50,000 people. 50,000? You're gonna have to give me some time. And drums. You want drums? OK, I can do that. And what about the Italians? The Italians? Man, they're stuck on the border. They're gonna be with you tomorrow. And the black bloc? The black bloc are already there. You're gonna see black and red like there ain't no tomorrow, kid. You just sit tight. These days, social media platforms like facebook have given rise to a new form of online activity known as 'clicktivism', in which likes, shares and the signing of online petitions have become a popular way for liberals and so-called 'progressives' to project an image of ostensible participation in campaigns centered around a variety of social justice-related issues, and often masking their lack of participation in real world struggles. Real change requires real action. That’s why I always share political articles on facebook, whenever I see them. But not everyone has been lulled into this comforting delusion of how social change works. On both sides of the political spectrum, groups and individuals have continued to use the Internet pragmatically, both to spread their ideologies and coordinate their IRL activities. Anonymous is a decentralized network of hackers and activists that exist in places like IRC and Twitter, and anyone is free to become Anonymous and start their own operations within the network. It's kinda similar to the black bloc tactic used as cover and collective identity. I'm doing ten years in the fence for computer hacking charges related to my involvement in Anonymous. I was hacking police departments, military contractors ... defacing their websites, releasing their emails and databases to the public. One of the bigger targets was a company known as Strategic Forecasting – Stratfor – which is a private intelligence firm made up of mostly former State Department and CIA agents. We took down their website. We went on donation sprees with all their clients' credit cards, and gave their email archives to Wikileaks. And Wikileaks pubished them, showed that they had been spying on activist groups on behalf of corporations like Dow Chemical. Groups like Anonymous got really really famous defacing websites. Other groups attacked police websites, getting all the data they have about current police members. There's also groups that were blocking huge institutions, like credit card companies or banks. If they block their transactions, they lose money. So there's a bunch of stuff you can do with hacking. Anonymous, they were really famous for really getting that kind of popular participation in a hacking movement that really didn't mean you had to be an expert to use it. You could download a piece of software, and you could just run it on your computer and you would enter in the target URL and you could begin to participate in what was effectively like a virtual sit-in. Now as far as Anonymous, or hacktivists in general playing a role in revolutionary movements... Anonymous was very active during Occupy Wall Street and the Arab Spring. In general, an overall revolutionary strategy benefits from a diversity of tactics. Multiple attacks converging from all angles, including street protests, to smashed windows, to hacked websites. So Anonymous, y'know, revealing scandalous personal information on individuals associated with a company that is the current target of protests – timed well, it could be very effective. It's a really interesting concept to me. And a lot of people who are members of Anonymous use tools that I work on every day. And I hope they will use them for good. I think the unifying idea is just using anonymity to achieve some end. And doing it with other people. And I think that that speaks to some of their internal contradictions too, because they're not unified by a political ideology. Members of Anonymous fight with each other about that. And I think when you have no political ideology motivating work like that – work that has the potential to impact the whole globe, and has before - it can be really dangerous. We of Anonymous declare total fucking war on antifa, and all who support their criminal and violent actions towards innocent civilians. I've seen Anonymous operations go after people in a kind of y'know, right-wing, Pizzagate-type style. You know... I mean it originated on 4Chan. Historically, the hacker community has been very inclusive. When everything started, nobody really knew who was on the other side of the line. Everyone was just green text on a black background. With that said, there is a lot of sexism in tech generally, and I'd say that the people who are recruited from places like Reddit and 4Chan are like, y'know, your typical tech bros. Every community on the Internet, and every sub-community within those sites, whether it's 4Chan or Reddit or whatever, has a dog in the fight in gamergate. Gamergate and 4Chan, and the origins of the alt-right, I think are one of the most obvious confirmations of something that many of us who are radicals already knew ... which is that toxic masculinity, misogyny, whatever you wanna call it, is an incredibly dangerous and violent force. And it never ends there. Beyond the origins in 4Chan, I don't really know exactly where a lot of these young men came from. I imagine that it's probably not any more interesting than they are a result of late-capitalist alienation. But I think that they started out with, y'know, just like your garden variety misogyny. And then actual literal fascists went to their forums and whispered fascist poison into the ears of these impressionable men. And because they already were prone to violence and bigotry, then it was just the natural conclusion. Doxxing is the practice of exposing information about your opponent that they'd rather have kept secret. Typically, doxxing happens from information that is already somehow readily available ... maybe just a little bit hidden. If someone is doing their activism under a pseudonym, attackers will search for any connection to their real physical persona and put that information online. And then whoever the target is, all the people who wanna go after that target will work collectively to terrorize them. The result of it can be, y'know, something like getting 50 pizzas delivered to your house ... or it can be a SWAT team showing up in response to a fake bomb threat. Protection against this is best done by compartmentalization of your online activities. So keep your activist activities and your regular activities separate. Use different email accounts when you sign up for services. Doxxing's also been used by hacker collectives to expose lists of police officers, members of fascist organizations... A lot of people were doxxed after the Charlottesville rally out of just public open-source knowledge, and had to back-track on their beliefs and actually had to go out in public and offer apologies. In June of 2010, a malicious computer worm called the Stuxnet virus was first discovered by a small Belorussian software company, VBA32. It was soon shared with cyber-security experts at Kaspersky Labs, in Moscow, and Symantec in Silicon Valley, who quickly realized that it was unlike any virus ever seen before. Far from your run-of-the mill malware, Stuxnet was a sophisticated weapon, comprised of millions of lines of code and believed to have been jointly developed by the cyber-warfare divisions of the American and Israeli military. Its target was the Natanz nuclear enrichment facility, in Iran. For Natanz, it was a CIA-led operation. So we had to have agency sign-off. Someone from the agency stood behind the operator and the analyst and gave the order to launch every attack. For months, the virus had lain hidden within the plant's Programmable Logic Controllers, machines that are commonly used to regulate and control a wide variety of industrial processes. Running commands that were completely untraceable to workers in the plant, Stuxnet targeted centrifuges for sabotage, causing them to explode, seemingly without cause. The virus was only discovered due to an error in an upgrade patch, which allowed it to jump out of the secured military facility and onto the world wide web …. otherwise we would have never even known it existed. The Israelis took our code for the delivery system and changed it. Then, on their own, without our agreement they just fucked up the code. Instead of hiding, the code started shutting down computers ... so naturally people noticed. Because they were in a hurry, they opened Pandora's Box. They let it out and it spread all over the world. The Stuxnet virus set an important historical precedent, as it heralded the beginnings of a dangerous new chapter in modern warfare. Still in its relative infancy, state-led cyber military campaigns are now being conducted under conditions of total secrecy, shrouded from public scrutiny, or even knowledge. And given the widespread incorporation of digital systems into all aspects of industrial civilization, from electrical grids to emergency management systems and even missile launch sites, the potential consequences of these types of attacks could lead to truly catastrophic loss of life. And while states have been the first to reach this stage in the development of offensive cyber warfare, corporations and other sub-state actors are already charting their own courses in the militarization of digital systems.